added (unused) rules.rc parser to so. it will be used later.
[umfw.git] / src / rulecache.c
/*****************************************************************************/
/*
 * Session rule cache, kept as a singly linked list that is searched
 * linearly. (Author's note: this should be hashed, but a plain list is
 * good enough for now.)
 */
typedef struct tsSessionRule {
  struct tsSessionRule *next; /* following rule; NULL at the tail */
  uint8_t proto;              /* protocol selector; findRule treats 255 as "any" */
  uint32_t ip;                /* 0: any */
  uint16_t port;              /* 0: any */
  uint8_t allow;              /* value supplied when the rule was added; read by callers */
  uint32_t flags;             /* IPCR_FLAG_* bits the rule was created with */
} tSessionRule;

/* Head and tail of the global rule list; both are NULL while it is empty. */
static tSessionRule *sRules = NULL;
static tSessionRule *sRulesLast = NULL;
16 #ifdef OPT_USE_RULE_PARSER
/*
 * Free every node of the rule list that starts at the given pointer.
 *
 * The parameter has the same name as the file-scope list head, so inside
 * this function the file-scope sRules is hidden and never modified;
 * sRulesLast is not touched either. A caller that releases the global list
 * through this function has to reset both pointers itself, otherwise they
 * keep pointing at freed nodes.
 */
static void clearRules (tSessionRule *sRules) {
  tSessionRule *following;

  for (; sRules != NULL; sRules = following) {
    /* read the link before the node is released */
    following = sRules->next;
    free(sRules);
  }
}
/*
 * Drop every rule that does not carry IPCR_FLAG_SESSION from the global
 * list and free it. Rules with the flag stay in their original order.
 * On return sRulesLast refers to the last surviving rule, or is NULL when
 * the list ended up empty.
 */
static void clearPermanentRules (void) {
  tSessionRule **link = &sRules; /* slot that points at the rule under inspection */
  tSessionRule *lastKept = NULL;

  while (*link != NULL) {
    tSessionRule *cur = *link;

    if (cur->flags & IPCR_FLAG_SESSION) {
      /* session rule: keep it and move on to its successor slot */
      lastKept = cur;
      link = &cur->next;
    } else {
      /* permanent; unlink it and release the node */
      *link = cur->next;
      free(cur);
    }
  }
  sRulesLast = lastKept;
}
41 #ifdef OPT_RULEPARSER_TEST
/*
 * Test helper: print every rule of the global list to stdout, one per line.
 *
 * NOTE(review): the port is printed exactly as stored. If rules hold
 * network-order ports (findRule compares them against network-order
 * arguments), the number shown here is byte-swapped on little-endian
 * hosts -- confirm before relying on this output when auditing a rule set.
 * NOTE(review): the result of inet_ntop is not checked.
 */
static void dumpRules (void) {
  const tSessionRule *rule;

  printf("RULES DUMP:\n");
  for (rule = sRules; rule != NULL; rule = rule->next) {
    char dip[512];

    inet_ntop(AF_INET, &rule->ip, dip, sizeof(dip));
    printf("rule: allow=%u, flags=0x%02x, port=%u, ip=%s\n",
           rule->allow, rule->flags, rule->port, dip);
  }
}
52 #endif
54 #endif
/*
 * Return the first cached rule that applies to the given endpoint.
 *
 * proto: IPCQ_PROTO_TCP, IPCQ_PROTO_UDP or 255 for both
 * ip and port are in network order!
 *
 * A rule applies when each of its fields is either the wildcard value
 * (proto 255, ip 0, port 0) or equal to the corresponding argument.
 * The list is walked from the head and the first hit is returned, so an
 * earlier wildcard rule takes precedence over any later, more specific
 * one: the order in which rules were added decides the outcome.
 * The rule's allow field is not interpreted here. Returns NULL when no
 * rule applies; what happens then is up to the caller.
 */
static tSessionRule *findRule (uint32_t ip, uint16_t port, uint8_t proto) {
  tSessionRule *rule;

  logMsg(LOGMSG_DEBUG, "umfw socket: find rule: %08x %u %u\n", ip, port, proto);
  for (rule = sRules; rule != NULL; rule = rule->next) {
    logMsg(LOGMSG_DEBUG, "umfw socket: rule: %08x %u %u %u\n", rule->ip, rule->port, rule->proto, rule->allow);
    /* skip the rule as soon as one field neither is a wildcard nor matches */
    if (rule->proto != 255 && rule->proto != proto) continue;
    if (rule->ip != 0 && rule->ip != ip) continue;
    if (rule->port != 0 && rule->port != port) continue;
    logMsg(LOGMSG_DEBUG, "umfw socket: rule found: %08x %u %u %u\n", rule->ip, rule->port, rule->proto, rule->allow);
    return rule;
  }
  return NULL;
}
/*
 * Append a new rule to the list whose head is *sRulesH and whose tail is
 * *sRulesL; both are updated as needed.
 *
 * The protocol comes from the flags: TCP and UDP together give 255, one of
 * them alone gives IPCQ_PROTO_TCP or IPCQ_PROTO_UDP, neither gives the
 * literal 6. IPCR_FLAG_ANYIP / IPCR_FLAG_ANYPORT store the wildcard 0 in
 * place of the given ip / port.
 *
 * If malloc fails the function returns without adding the rule and without
 * any indication to the caller, so a rule can be lost silently when memory
 * is short.
 *
 * NOTE(review): the literal 6 is presumably the TCP protocol number;
 * confirm that it is meant to equal IPCQ_PROTO_TCP.
 * NOTE(review): flags arrives as uint8_t but is stored in the rule's
 * uint32_t flags field, so only IPCR_FLAG_* bits below 0x100 can be set
 * through this function -- verify that IPCR_FLAG_SESSION fits.
 */
static void addRuleEx (tSessionRule **sRulesH, tSessionRule **sRulesL, uint32_t ip, uint16_t port, uint8_t allow, uint8_t flags) {
  tSessionRule *rule = malloc(sizeof *rule);

  if (rule == NULL) {
    return;
  }

  if ((flags & IPCR_FLAG_TCP) && (flags & IPCR_FLAG_UDP)) {
    rule->proto = 255;
  } else if (flags & IPCR_FLAG_TCP) {
    rule->proto = IPCQ_PROTO_TCP;
  } else if (flags & IPCR_FLAG_UDP) {
    rule->proto = IPCQ_PROTO_UDP;
  } else {
    rule->proto = 6;
  }

  rule->ip = (flags & IPCR_FLAG_ANYIP) ? 0 : ip;
  rule->port = (flags & IPCR_FLAG_ANYPORT) ? 0 : port;
  rule->allow = allow;
  rule->flags = flags;
  rule->next = NULL;

  /* link behind the current tail, then publish as head (if empty) and tail */
  if (*sRulesL != NULL) {
    (*sRulesL)->next = rule;
  }
  if (*sRulesH == NULL) {
    *sRulesH = rule;
  }
  *sRulesL = rule;
}
/*
 * Append a rule to the global rule list (sRules / sRulesLast).
 * All arguments are passed to addRuleEx unchanged.
 */
static void addRule (uint32_t ip, uint16_t port, uint8_t allow, uint8_t flags) {
  tSessionRule **head = &sRules;
  tSessionRule **tail = &sRulesLast;

  addRuleEx(head, tail, ip, port, allow, flags);
}